﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;

namespace Common
{
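    /// <summary>
    /// Blacklist-style screening that rejects input which looks like a SQL or OS-command
    /// injection attempt before it reaches a query.
    /// </summary>
    /// <remarks>
    /// NOTE(review): a keyword/character blacklist is not a substitute for parameterized
    /// queries. Anything the list omits (UNION, block comments, encoded characters, ...) passes
    /// straight through, and the keyword alternation has no word boundaries, so "or" and "and"
    /// match inside ordinary words such as "order" or "Sandra" and reject legitimate text.
    /// Treat this as a defence-in-depth tripwire only and build every query with parameters.
    /// </remarks>
    public class SQLCheck
    {
        // Keywords rejected anywhere in the input (case-insensitive). Kept byte-for-byte:
        // adding or removing entries changes which inputs callers' users may submit.
        private const string KeyWordPattern =
            @"select|insert|delete|from|count\(|drop table|update|truncate|asc\(|mid\(|char\(|xp_cmdshell|exec master|netlocalgroup administrators|:|net user|""|or|and";

        // Single characters rejected anywhere in the input. Inside a character class the '|'
        // separators are literals, so '|' itself is also rejected; harmless, left as-is.
        private const string CharPattern = @"[;|,|/|\(|\)|\[|\]|}|{|%|\@|*|!|']";

        // Built once instead of per call. CultureInvariant matters for a security check: with
        // IgnoreCase alone the case folding follows the current culture, so on a server running
        // in a culture such as tr-TR the 'I' in "INSERT" does not fold to 'i' and the keyword
        // would slip past the filter. Neither pattern contains a quantifier, so there is no
        // catastrophic-backtracking concern on attacker-controlled input.
        private static readonly Regex KeyWordRegex = new Regex(
            KeyWordPattern,
            RegexOptions.IgnoreCase | RegexOptions.CultureInvariant | RegexOptions.Compiled);

        private static readonly Regex CharRegex = new Regex(CharPattern, RegexOptions.Compiled);

        /// <summary>
        /// Throws if <paramref name="sWord"/> contains a blacklisted keyword, a blacklisted
        /// character, or the SQL line-comment marker "--". Null or empty input is accepted.
        /// </summary>
        /// <param name="sWord">Untrusted input to screen.</param>
        /// <exception cref="ArgumentException">
        /// Thrown when the input matches the blacklist. It derives from <see cref="Exception"/>,
        /// so existing <c>catch (Exception)</c> handlers keep working, and the message text is
        /// unchanged from the previous bare <see cref="Exception"/>.
        /// </exception>
        public static void CheckKeyWord(string sWord)
        {
            if (string.IsNullOrEmpty(sWord))
            {
                return;
            }

            // Ordinal: "--" must be found exactly as the database parser would see it, not via
            // a culture-sensitive search that may ignore or fold characters.
            bool suspicious =
                KeyWordRegex.IsMatch(sWord)
                || CharRegex.IsMatch(sWord)
                || sWord.IndexOf("--", StringComparison.Ordinal) >= 0;

            if (suspicious)
            {
                throw new ArgumentException("您的请求存在风险，请检查您的计算机环境。");
            }
        }
    }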
}
